Earlier this year, a browser extension used by millions of users was removed from the Chrome Web Store for containing malware. Why Extension Security?īrowser extensions have an incredible amount of access to user data and, if not properly accounted for, can quickly become a security blindspot. We’ve also updated the user interface to ensure consistency across reports.
This enables the tool to provide up-to-date security assessments with a potential risk score, alerting the user to possible red flags and risks that extensions may introduce. This addition greatly expands the scope and accessibility of the tool and more thoroughly secures users. CRXcavator will now continuously scan the Firefox add-on and Edge extension store as it does for Chrome, generating and updating CRXcavator reports for all extensions, as well as scanning for newly-added ones as they become available. Security teams at organizations such as Lyft and Datadog have adopted the tool as part of their security strategies researchers have used CRXcavator to help Google uncover and take down hundreds of malicious extensions and hundreds of thousands of security conscious users have utilized the tool to in their personal and professional lives to improve their security posture.Īfter democratizing extension security for Chrome, we are thrilled to announce a major update to CRXcavator that adds support for Mozilla Firefox and the beta version of Microsoft Edge Add-ons site. Over the last two years, CRXcavator has helped make the browser ecosystem safer and more transparent by providing developers, users, and organizations with consistent and consumable information regarding potential extension security risks. Originally released as a Duo Labs project, CRXcavator is now provided by the same team within Cisco Secure. Two years ago, we released CRXcavator (pronounced crux-cavator), a free tool that examines the security hygiene and risks of Chrome extensions, looking at criteria such as permissions and security policy, and empowers users to make informed decisions about the extensions they use. Duo Labs Jacob Rickerd Peter Jackson Lillian Lu Josephine Sulimin Cisco Secure Democratizes Extension Security for Firefox and Edge
0 kommentar(er)
